# SElinux platform-specific macros ... set in builddefs by configure
#

ifeq "$(PCP_SELINUX_INITRC_TMP)" "true"
PCP_INITRC_TMP_T="type initrc_tmp_t;"
ifeq "$(PCP_SELINUX_DIR_CLASS)" "true"
PCP_INITRC_TMP_RULE_1="allow pcp_pmcd_t initrc_tmp_t:dir { add_name remove_name write };"
endif
PCP_INITRC_TMP_RULE_2="allow pcp_pmcd_t initrc_tmp_t:file { create unlink };"
endif

ifeq "$(PCP_SELINUX_SUDO_EXEC)" "true"
PCP_SUDO_EXEC_T="type sudo_exec_t;"
PCP_SUDO_EXEC_RULE="allow pcp_pmcd_t sudo_exec_t:file { execute execute_no_trans };"
endif

ifeq "$(PCP_SELINUX_SECURITY)" "true"
PCP_SECURITY_T="type security_t;"
PCP_SECURITY_RULE="allow pcp_pmcd_t security_t:security { compute_av };"
endif

ifeq "$(PCP_SELINUX_CHKPWD_EXEC)" "true"
PCP_CHKPWD_EXEC_T="type chkpwd_exec_t;"
PCP_CHKPWD_EXEC_RULE="allow pcp_pmcd_t chkpwd_exec_t:file { execute execute_no_trans };"
endif

ifeq "$(PCP_SELINUX_INITRC)" "true"
PCP_INITRC_T="type initrc_t;"
PCP_INITRC_RULE="allow pcp_pmcd_t initrc_t:process { signull };"
endif

ifeq "$(PCP_SELINUX_VAR_LOG)" "true"
PCP_VAR_LOG_T="type var_log_t;"
PCP_VAR_LOG_RULE="allow pcp_pmcd_t var_log_t:file { write };"
endif

ifeq "$(PCP_SELINUX_LASTLOG)" "true"
PCP_LASTLOG_T="type lastlog_t;"
PCP_LASTLOG_RULE="allow pcp_pmcd_t lastlog_t:file { write };"
endif

ifeq "$(PCP_SELINUX_XAUTH_EXEC)" "true"
PCP_XAUTH_EXEC_T="type xauth_exec_t;"
PCP_XAUTH_EXEC_RULE="allow pcp_pmcd_t xauth_exec_t:file { execute };"
endif

ifeq "$(PCP_SELINUX_LOGROTATE)" "true"
PCP_LOGROTATE_T="type logrotate_t;"
PCP_LOGROTATE_RULE_1="allow logrotate_t pcp_pmcd_t:process { signull };"
PCP_LOGROTATE_RULE_2="allow pcp_pmcd_t logrotate_t:process { signull };"
endif

ifeq "$(PCP_SELINUX_FAILLOG)" "true"
PCP_FAILLOG_T="type faillog_t;"
PCP_FAILLOG_RULE="allow pcp_pmcd_t faillog_t:file { write };"
endif

ifeq "$(PCP_SELINUX_NETLINK_AUDIT_SOCKET_CLASS)" "true"
PCP_NETLINK_AUDIT_SOCKET_CLASS="class netlink_audit_socket { create nlmsg_relay };"
PCP_NETLINK_AUDIT_SOCKET_RULE="allow pcp_pmcd_t self:netlink_audit_socket { create nlmsg_relay };"
endif

ifeq "$(PCP_SELINUX_NETLINK_SELINUX_SOCKET_CLASS)" "true"
PCP_NETLINK_SELINUX_SOCKET_CLASS="class netlink_selinux_socket { bind create };"
PCP_NETLINK_SELINUX_SOCKET_RULE="allow pcp_pmcd_t self:netlink_selinux_socket { bind create };"
endif

ifeq "$(PCP_SELINUX_SOCK_FILE_CLASS)" "true"
PCP_SOCK_FILE_CLASS="class sock_file { write };"
PCP_SOCK_FILE_RULE="allow pcp_pmcd_t usr_t:sock_file { write };"
endif

ifeq "$(PCP_SELINUX_SECURITY_CLASS)" "true"
PCP_SECURITY_CLASS="class security { compute_av };"
endif

ifeq "$(PCP_SELINUX_DIR_CLASS)" "true"
PCP_DIR_CLASS="class dir { add_name remove_name write };"
PCP_DIR_RULE="allow pcp_pmcd_t usr_t:dir { add_name remove_name write };"
endif

ifeq "$(PCP_SELINUX_RAWIP_SOCKET_CLASS)" "true"
PCP_RAWIP_SOCKET_CLASS="class rawip_socket { create getopt setopt read write }; \# pmda.netcheck"
PCP_RAWIP_SOCKET_RULE="allow pcp_pmcd_t self:rawip_socket { create getopt setopt read write };"
endif

ifeq "$(PCP_SELINUX_HOSTNAME_EXEC_MAP)" "true"
PCP_MAP_OP="map"
PCP_MAP_RULE="allow pcp_pmcd_t hostname_exec_t:file { map };"
endif
